const sessionManager = require('../utils/sessionManager');

/**
 * Connect/Express-style middleware: writes the CORS and browser-hardening
 * response headers on every request, then passes control on.
 *
 * This filter performs no authentication or authorization. The Authorization
 * header is only tested for presence, nothing is done with it, and next() is
 * always called without an error argument.
 *
 * @param {object} req - Incoming request; only req.headers.authorization is read.
 * @param {object} resp - Response object; must provide header() and setHeader().
 * @param {Function} next - Continuation, invoked exactly once with no arguments.
 * @returns {undefined}
 */
const filter = (req, resp, next) => {
  // Each entry is [setter method on resp, header name, header value]; applied in order.
  const responseHeaders = [
    // CORS: one fixed origin, with credentialed requests allowed.
    // NOTE(review): the origin is a hard-coded local development address;
    // confirm deployed builds take it from configuration.
    ['header', 'Access-Control-Allow-Origin', 'http://localhost:8080'],
    ['header', 'Access-Control-Allow-Credentials', true],
    ['setHeader', 'Access-Control-Allow-Methods', 'POST, GET, OPTIONS, DELETE'],
    [
      'setHeader',
      'Access-Control-Allow-Headers',
      'Content-Type,XFILENAME,XFILECATEGORY,XFILESIZE,x-requested-with,Authorization',
    ],
    // Browser hardening: restrict resource loading to same origin, disable MIME sniffing.
    ['setHeader', 'Content-Security-Policy', "default-src 'self'"],
    // NOTE(review): X-XSS-Protection is a legacy header that current browsers
    // largely ignore; the CSP above is the control that matters.
    ['setHeader', 'X-XSS-Protection', '1; mode=block'],
    ['setHeader', 'X-Content-Type-Options', 'nosniff'],
  ];

  for (const [setter, name, value] of responseHeaders) {
    resp[setter](name, value);
  }

  const hasAuthorizationHeader = Boolean(req.headers.authorization);
  if (hasAuthorizationHeader) {
    // TODO(review): placeholder only. The header is never validated here
    // (the original left an unfinished `sessionManager.` call at this spot).
  }

  // NOTE(review): an earlier route gate in this function is disabled. It let
  // '/user/login' and '/user/logout' through unconditionally and required
  // req.session.user_id for '/user' and for POST/DELETE on '/goods', calling
  // next('auth err') otherwise. With it off, every request is passed through
  // unchecked; confirm those routes are protected elsewhere before relying on
  // this filter for access control.
  next();
};
// Public surface of this module: only the header-setting middleware is exported.
module.exports = { filter: filter };